Directory Traversal
github.com/0xJacky/Nginx-UI is vulnerable to Directory Traversal. The vulnerability is due to insufficient verification of values from the JSON field, allowing the construction of values in the form of ../../, which can lead to arbitrary file writing...
The vulnerability of the User Interface component of the Oracle Installed Base system, a component of the Oracle E-Business Suite, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the User Interface component of the Oracle Installed Base information storage center in the Oracle E-Business Suite is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...
CVE-2024-20273 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient...
CVE-2024-49367
CVE-2024-49367 affects Nginx UI prior to version 2.0.0-beta.36. The issue is a controllable log path that, when combined with directory traversal at the /api/configs endpoint, allows reading directories and file contents on the server. A fixed version is 2.0.0-beta.36. Connected sources confirm t...
Nginx UI Security Vulnerability
Nginx UI is a WebUI for Nginx developed by Jacky, an individual developer. A security vulnerability exists in Nginx UI versions prior to 2.0.0-beta.36, which stems from the fact that its log path is controllable, allowing an attacker to read the contents of directories and files on the server in conjunction with...
The vulnerability of the user interfaces of Google Chrome and Microsoft Edge allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the user interfaces of Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information through a specially created...
Unauthenticated Denial of Service (DoS) via Multipart Boundary in recent integration of Gradio UI
This report is not public...
KLA74117 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Parce...
PT-2024-7378 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based versions up to 129.0.2792.52 Description: A spoofing issue is present in Microsoft Edge, related to errors in user interface information representation. This could allow a remote attacker to conduct spoofing...
CVE-2024-20512
CVE-2024-20512 concerns Cisco Unified Contact Center Management Portal (Unified CCMP). The vulnerability is a reflected cross-site scripting (XSS) flaw in the web-based management interface caused by improper validation of user input. An unauthenticated, remote attacker can lure a user to click a...
webkitgtk: Visiting a malicious website may lead to address bar spoofing
A flaw was found in WebKit. This flaw allows a remote attacker to conduct spoofing attacks by exploiting an inconsistent user interface issue. The attacker could perform address bar spoofing by tricking a victim into visiting a specially crafted website...
CVE-2024-21258
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base...
IBM WebSphere Application Server Cross-Site Scripting Vulnerability
IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM...
DEBIAN-CVE-2024-9964
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...
TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns
New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant...
KLA74034 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Inappropriate implementation vulnerability in Web Authenticatio...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in versions prior to Google Chrome 130.0.6723.58, which can be exploited by remote attackers to perform UI spoofing via a crafted HTML page...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in versions prior to Google Chrome 130.0.6723.58, which can be exploited by remote attackers to perform UI spoofing via a crafted HTML page...
The vulnerability of the Downloads component in Google Chrome and Microsoft Edge browsers allows a hacker to replace the user interface.
The vulnerability of the Downloads component in Google Chrome and Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow an attacker to replace the user interface with a specially created HTML page...
The vulnerabilities of Google Chrome and Microsoft Edge involve security checks for standard elements, which allow attackers to replace the user interface.
The vulnerability of Google Chrome and Microsoft Edge is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...